log4j in .patch_storage
Hi Community,
Our Nessus Scans are finding vulnerable log4j-1.2.17.jar files on our Oracle WebLogic Server 12.2.1.3. They are found in the %Oracle_Home%.patch-storage directory. Understanding that these files are used for roll back.
Questions:
1) Are this files really vulnerablities as they are not active in an application?
2) If yes, should I just delete/move them?
thanks